A trusted mobile phone reference architecture via secure kernel
Source: Conference on Computer and Communications Security archive
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Alexandria, Virginia, USA
Session: Mobile and embedded trusted computing
Pages: 7-14
Year of Publication: 2007
ISBN: 978-1-59593-888-6
Authors
Xinwen Zhang  Samsung Information Systems America
Onur Acıiçmez  Samsung Information Systems America
Jean-Pierre Seifert  Samsung Information Systems America
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1314354.1314359

ABSTRACT

Driven by the ever increasing information security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated group, the Mobile Phone Working Group (MPWG), to address the security needs of mobile platforms. Along this direction, the MPWG has recently released a Trusted Mobile Phone Reference Architecture Specification. In order to realize trusted mobile platforms, they adapt well-known concepts like TPM, isolation, integrity measurement, etc. from the trusted PC world, with slight modifications due to the characteristics and resource limitations of mobile devices, into generic mobile phone platforms. The business needs of the mobile phone industry mandate 4 different stakeholders (platform owners): device manufacturer, cellular service provider, general service provider, and of course the end-user. The specification requires separate trusted and isolated operational domains, so-called Trusted Engines, for each of these stakeholders. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these Trusted Engines, a general perception suggests reusing the very well established (Trusted) Virtualization concept from corresponding PC architectures. However, despite all its merits, the current "resource devourer" Virtualization is not very well suited for mobile devices. Thus, in this paper, we propose another isolation technique, which is specifically crafted for mobile phone platforms and respects their resource limitations. We achieve this goal by realizing the TCG's Trusted Mobile Phone specification by leveraging SELinux, which provides a generic domain isolation concept at the kernel level. In addition to harnessing the potential of SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important integrity measurement and verification concept into our SELinux-based Trusted Mobile Phone architecture. This is achieved by defining some SELinux policy language extensions. Thus, the present paper provides a novel, efficient and inherently secure TCG-aware Mobile Phone reference architecture.

